fb88ac1258014d6c7dc56d86d59d1a370178e50e48c076fc38ff8626924345db

Analysis

max time kernel
46s
max time network
55s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
01/07/2024, 17:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe
Size

333KB
MD5

1be6818c3ac399947b159abc1e479b4e
SHA1

b1886a31c7eb9d948cce71ddfd4512b15171c873
SHA256

fb88ac1258014d6c7dc56d86d59d1a370178e50e48c076fc38ff8626924345db
SHA512

40fc9f24662ed8483ee30a886e228c9f5e27bed3808b859bb36dc139c8dd66c1832e285dd79f6323c654815ca3372af295e2510946f9442f5e87edaeb5ea8dce
SSDEEP

6144:yo/JW7+CQRVtOD+KQPPxTbOoN+NPZFm/3U/DaouG070pdIgzbxgK:yo/JU+dIeXRbOw+NPY0ogRgK

Score

1^/10

Malware Config

Signatures

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe
1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe
1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe
1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe
Token: SeIncBasePriorityPrivilege	1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 1936 wrote to memory of 3436	1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe	56
PID 1936 wrote to memory of 3436	1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe	56
PID 1936 wrote to memory of 3436	1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe	56
PID 1936 wrote to memory of 3436	1936	1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe	56

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3436
- C:\Users\Admin\AppData\Local\Temp\1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe
  "C:\Users\Admin\AppData\Local\Temp\1be6818c3ac399947b159abc1e479b4e_JaffaCakes118.exe"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1936

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/1936-0-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-49-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-64-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-214-0x0000000077352000-0x0000000077353000-memory.dmp

Filesize
4KB

Download
memory/1936-213-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-61-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-59-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-57-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-56-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-53-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-51-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-43-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-39-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-35-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-34-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-32-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-29-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-27-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-26-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-22-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-19-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-17-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-250-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-11-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-9-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-5-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-3-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-47-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-45-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-41-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-37-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-23-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-15-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-13-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-7-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-1-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download
memory/1936-257-0x00000000005B0000-0x0000000000602000-memory.dmp

Filesize
328KB

Download